I have some further info on this. MAybe a mod could add more. i have a similar trojan which is killing me and I like all of you could not get malwarebytes to run. I tried everything suggested. My administrator account had a password that i must have put in years ago and forgot about. However I did have another administrator account i set up for my son and forgot about. I installed with the above instructions there and it worked great. The program found nothing and I still get redirected explorer which shuts down when i try to connect to antivirus sights. it even turns off my vshield . There is no way of knowing which trojan i have since it all comes up clean but thought i would pass this along to help someone else.

if you can not get malwarebytes  to run try creating a new administrator account ( provided you are at administrator level of course ) and see if it will install and run that way.

i do not know why but my malwarebytes used to run before then stopped. Who knows. maybe it is my virus checker that is stopping malware bytes from running.

I am wondering now if this new account i created will stillhave the same issues. hmmmm.......

I have been trying this fix, and followed all steps.  Unfortunately, it does not seem to ever finish installing (I am at almost 2 hours, and the folder I have it installing to is blank).  would it work to run install (setup.exe) from Safe mode?  Should I pull out and try again?

 

First download Avira ISO and burn it to a CD.

 

Then download a Linux ISO called SytemRescueCD.

 

Create bootable CD's with these ISO's.

 

Boot your PC with the Avira CD and scan your computer.  When it is done, scroll up through the log and write down all of the virus filenames Avira found including the directory paths where it found them.  Select the option to restart your PC.

 

While the PC is starting to reboot, replace the Avira bootable CD with the SystemRescueCD and let the PC boot with that CD.

 

Once the SystemRescueCD has finished booting, mount your hard-drive according to the instructions, change directory to your mounted hard-drive, change directory to WINDOWS, change directory to system32, run this command:

 

ntfs-3g /dev/sda1 /mnt/windows

 

cd /mnt/windows

 

cd WINDOWS

 

cd system32

 

To remove the TDSS virus that the OP is talking about, enter this command to see if they are there:

 

dir TDSS*.*

 

You should see at least seven files.  To get rid of them enter this command:

 

rm TDSS*.* -f

 

Then from the "system32" folder change directory to the "drivers" folder and run the above command again:

 

cd drivers

 

rm TDSS*.* -f

 

Now, if Avira found any other virus', go to those directory's and delete those files as well.  To get Malwarebytes to install normally though, you should only have to remove TDSS.

 

Now, to change directory back to the Linux root (get off your hard-drive) and unmount the hard-drive enter these commands:

 

cd /

 

umount /mnt/windows

 

Then restart the PC by entering this command:

 

shutdown -r now

 

As the PC is restarting, remove the CD, let the machine boot into Windows, and then run the Malwarebytes removal program.

 

If anyone needs more detailed instructions, such as "How do I burn an ISO to a CD?", send me a message.  Google is your friend.

Post Edited (cokeonice) : 05-02-2009 16:44:05 GMT